limiting java ssl debug logging

使用 JVM 标志

-Djavax.net.debug=ssl

正在产生大量的日志记录，即服务器上每个 SSL 事件的详细信息。无论如何都要让它记录错误吗？或者可能有这些标志的一些更好的子集产生更整齐的输出

all            turn on all debugging
ssl            turn on ssl debugging


The following can be used with ssl:


record       enable per-record tracing
handshake    print each handshake message
keygen       print key generation data
session      print session activity
defaultctx   print default SSL initialization
sslctx       print SSLContext tracing
sessioncache print session cache tracing
keymanager   print key manager tracing
trustmanager print trust manager tracing
pluggability print pluggability tracing


handshake debugging can be widened with:
data         hex dump of each handshake message
verbose      verbose handshake message printing


record debugging can be widened with:
plaintext    hex dump of record plaintext
packet       print raw SSL/TLS packets

Further reading

• JavaSE8: JavaSecureSocket 扩展(JSSE)参考指南: https://docs.oracle.com/javase/8/docs/technotes/guides/security/jsse/JSSERefGuide.html
• JavaSE 8: Debugging SSL/TLS Connections: https://docs.oracle.com/javase/8/docs/technotes/guides/security/jsse/ReadDebug.html
• JavaSE11: JavaSecureSocket 扩展(JSSE)参考指南: https://docs.oracle.com/en/java/javase/11/security/java-secure-socket-extension-jsse-reference-guide.html